| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces a generic application VM image. It mounts a
filesystem containing the application, and then launches a "run"
script on that filesystem to start the application. The Nix store on
the application filesystem is overlaid onto the generic Nix store, so
shared paths don't have to be duplicated in the application
filesystem.
The "appvm" image is part of the Spectrum system — it lives on the
root filesystem, not the user data partition. Users of course have
the choice not to use the built in image if they don't want to, but
this gives us a default to use for future features like starting VMs
at runtime.
Individual application VMs are now defined in a single Nix file each,
using a VM builder function. I expect this is how Nix-based VMs would
be defined in the user data partition, and then built with Nix into
Spectrum VM configurations.
The new top-level vm-lib directory is intended to be copied into user
Nix expressions that build VMs, and therefore has to be usable
standalone. User-defined VMs should not do any path deduplication
with the system-provided base VM, so that the two can independently
update Nixpkgs. But for VMs that are part of the system (which I
consider the pre-built VMs to be, even though they're currently on the
user data partition), we can safely deduplicate paths that we know to
be present in the base image. So they go through vm/make-vm.nix,
which is a wrapper around vm-lib/make-vm.nix that does this
deduplication.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20221009114036.463071-7-hi@alyssa.is>
|
|
|
|
|
|
|
|
|
| |
In an upcoming Nixpkgs update, some packages in Weston's closure will
have changed to use systemdMinimal, so we have to override that too.
As a side-effect, we have to disable systemd support in polkit, or it
will fail to build due to the new override.
Signed-off-by: Alyssa Ross <alyssa.ross@unikie.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, a file called "config.nix" in the root of the Spectrum
repository will be read if it exists. That file should contain an
attribute set. Currently, only a "pkgs" key is supported, which
allows specifying a custom package set that will be used throughout
the Spectrum Nix files. This will allow us to provide configuartion
options for people who want to build Spectrum in ways that are
probably not suitable for upstreaming.
For example, using the "pkgs" config option I'm introducing here, it
would be possible to use an overlay to patch individual components,
like so:
{
pkgs = import <nixpkgs> {
overlays = [
(final: super: {
weston = super.weston.overrideAttrs ({ patches ? [], ... }: {
patches = patches ++ [
path/to/weston.patch
];
});
})
];
};
}
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20220831093727.282797-1-hi@alyssa.is>
Reviewed-by: Ville Ilvonen <ville.ilvonen@unikie.com>
Tested-by: José Pekkarinen <jose.pekkarinen@unikie.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These drivers should be loaded by the initramfs if required — most
Spectrum installs won't need the virtio drivers on the host, and
overriding the kernel means more stuff we can't reuse from
cache.nixos.org.
We'll probably want to build in the driver for whatever filesystem we
end up using for the root file system eventually, since it will always
be required, but that should be done as part of a more systematic
effort to optimise our kernel configuration.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20220901104629.863380-2-hi@alyssa.is>
Tested-by: José Pekkarinen <jose.pekkarinen@unikie.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will allow us to stop compiling e.g. the virtio-blk module into
the kernel, because it will be loaded by the initramfs.
This introduces some duplication between the rootfs and initramfs's
Makefiles. I don't think it's worth the effort at the moment to try
to reduce that, because it would come at the expense of additional
complexity in the Makefiles. We can revisit this later if we want to.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20220901104629.863380-1-hi@alyssa.is>
Tested-by: José Pekkarinen <jose.pekkarinen@unikie.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're overriding the systemd attribute to point to libudev-zero, so
anything that's trying to build with special systemd support isn't
going to work. We wouldn't be using that anyway, so just overlay
those packages to disable systemd support.
Long term, we can try to fix this upstream by separating the "udev"
and "systemd" attributes, and only overriding the udev one. But that
would be quite a bit of work, and making this change here allows us to
drop a bunch of Nixpkgs patches to disable weston dependencies, so
this is still progress.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
|
|
|
|
|
|
|
| |
This will save having to download gcc and binutils just to change a
config file in a VM.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
|
|
|
|
|
|
|
|
| |
When I adapted this script from gen_modalias.sh.awk, I forgot to
update the script name in the output.
Fixes: aedf5d5 ("scripts/modprobe: generate modules.map")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This isn't a license change — the code was always available under
potential future EUPL versions because of this language in the EUPL:
> Copyleft clause: If the Licensee distributes or communicates copies of the
> Original Works or Derivative Works, this Distribution or Communication will be
> done under the terms of this Licence or of a later version of this Licence
> unless the Original Work is expressly distributed only under this version of the
> Licence — for example by communicating ‘EUPL v. 1.2 only’. The Licensee
> (becoming Licensor) cannot offer or impose any additional terms or conditions on
> the Work or Derivative Work that alter or restrict the terms of the Licence.
But now that reuse 1.0.0 is out, and supports SPDX '+' expressions, we
can express this more clearly in SPDX.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
|
|
|
|
|
|
|
|
| |
This way, we will automatically pick up every redistributable firmware
package available in Nixpkgs, which will help broaden our hardware
compatibility. Using the NixOS infrastructure for this also means
we'll automatically start using compressed firmware once Nixpkgs is
updated.
|
|
|
|
|
|
| |
Nix files shouldn't be considered part of the sources, and so they
should be filtered out. This way, changes to them (that don't change
their meaning) won't force rebuilds.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On the Spectrum host, the kernel delivers uevents to mdevd. By
default, if mdevd doesn't have a handler for an event, it won't do
anything, and other processes that might be interested in the uevent
hear about it. This means that Weston isn't notified about input
device hotplugs. (And USB devices can appear after init has started,
so any USB device counts as hotplugging even if it's attached before
boot or even built in to the computer.)
To fix this, we configure mdevd to rebroadcast events it doesn't
handle on Netlink group 4. These events will then be picked up by
Weston via libudev-zero, which listens on group 4 for hotplug events.
Reported-by: Ville Ilvonen <ville.ilvonen@unikie.com>
Fixes: 372bacd ("etc/s6-rc: add weston service")
Message-Id: <20220424080020.32216-1-hi@alyssa.is>
Tested-by: Ville Ilvonen <ville.ilvonen@unikie.com>
|
| |
|
| |
|
|
|
|
| |
This has been replaced by /etc/s6-linux-init/run-image/service
|
|
|
|
|
| |
Not worth pulling this in any more just for another mkdir
implementation!
|
|
|
|
|
|
|
| |
The main improvement things brings is that it should resolve a rare
race condition in early boot, where s6-rc-init would run before
s6-svscan, and so the boot would hang because s6-rc would never end up
properly running.
|
|
|
|
| |
This is preparatory work before a switch to s6-linux-init.
|
|
|
|
| |
We needed this to work around a bug in Nixpkgs, which I've now fixed.
|
|
|
|
|
|
|
| |
These never needed to be separate. They were the result of some
confusion while I was trying to hack on the Musl fstab parser, briefly
broke comment parsing, and then didn't realise I'd introduced that
breakage.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These fields are pretty much obsolete and are supposed to be optional
according to fstab(5), but upstream Musl requires them. Long ago, I
wrote a patch[1] to fix it, sent it upstream, and then applied it in
Spectrum's Nixpkgs as a temporary measure, to avoid churn in the fstab
files, thinking it would quickly be applied upstream.
But it has now been more than half a year since the last discussion on
my patch. I do think it'll probably be accepted eventually, but at
this point it's not worth patching Musl ourselves for to avoid the
very minor churn of doing this change now, and reverting it when my
patch is finally accepted. So just add the fields, and then we can
drop the patch from our Nixpkgs, and then we won't have to rebuild the
Musl-targetting compilers we could otherwise get from Hydra.
[1]: https://inbox.vuxu.org/musl/20210915221155.3977763-4-hi@alyssa.is/
|
|
|
|
|
|
|
|
| |
The virtio-console device was removed in
45c0e9a ("etc/service/getty-hvc0: remove"), so it wouldn't have had
anything to connect to anyway.
Fixes: 45c0e9a ("etc/service/getty-hvc0: remove")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This should fix a boot error on a Thinkpad P51s:
> mdevd: fatal: unable to receive netlink message: No buffer space available
From the mdevd documentation[1]:
> • -b kbufsz : try and reserve a kernel buffer of kbufsz bytes for
> the netlink queue. Too large a buffer wastes kernel memory; too
> small a buffer risks losing events. The default is 500 kB, which
> should be enough for most systems; if you're getting "No buffer
> space available" errors from mdevd at coldplug time, try
> increasing this number.
The new value of 128MiB is used by default by both udev and Busybox's mdev.
[1]: https://skarnet.org/software/mdevd/mdevd.html
Reported-by: Tero Tervala <tero.tervala@unikie.com>
Message-Id: <20220423124630.749434-1-hi@alyssa.is>
Tested-by: Tero Tervala <tero.tervala@unikie.com>
|
|
|
|
|
|
|
|
| |
It apparently doesn't on Ubuntu, and this way we also don't have to
hack around it being missing in the Nix sandbox.
Reported-by: Ville Ilvonen <ville.ilvonen@unikie.com>
Message-Id: <20220406082038.4012718-1-hi@alyssa.is>
|
|
|
|
| |
Fixes: 5702bde ("etc/init: switch from s6-mount to Busybox mount")
|
|
|
|
|
|
|
|
|
| |
Now that we're using a proper modprobe implementation, some of these
weird modprobes we shouldn't have needed in the first place can
actually be removed.
Message-Id: <20220321140107.1043654-2-hi@alyssa.is>
Tested-by: Ville Ilvonen <ville.ilvonen@unikie.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Trying to use modprobe from Busybox has caused nothing but problems.
The latest issue is that it doesn't implement softdep at all.
rootfs.ext4 before: 509M
rootfs.ext4 after: 513M
Thanks-to: Puck Meerburg <puck@puckipedia.com>
Message-Id: <20220321140107.1043654-1-hi@alyssa.is>
Tested-by: Ville Ilvonen <ville.ilvonen@unikie.com>
|
|
|
|
| |
And move to shell.nix — it's just needed here for testing.
|
| |
|
|
|
|
|
| |
If two consoles can be open for the same pty at once, things break
spectacularly, so let's try to prevent that.
|
|
|
|
|
|
| |
Aside from the experience benefit of not popping the netvm console
open when it's not required, this also simplifies the implementation a
lot, because it means each VM only has to be a single service.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is very useful when debugging a crashing program, because the
core file can be loaded into gdb on the host system, which will
hopefully already be set up with the source code of the program,
debugging symbols, etc.
The core dump handler is installed unconditionally such that it'll be
present even if Spectrum isn't running in a VM, or doesn't have a
virtio-vsock device, because there's not much that could usefully be
done with a core file in those situations anyway at the moment.
Eventually we'd probably want to e.g. load it into a VM by default,
when Spectrum is more self-hosting.
|
| |
|
|
|
|
|
|
|
|
| |
This way, we don't allow arbitrary code from the ext partition to run
on the host system, which gives us better integrity guarantees when
paired with Secure Boot. This new scheme also makes it easy to
introspect VMs, since they're defined using a very limited
configuration language.
|
|
|
|
|
| |
This way, we don't have to override to remove systemd, and we also get
the ncurses dependency removed as well.
|
|
|
|
|
|
|
| |
I don't think Nix files are likely to contain anything particularly
worth protecting with copyleft, and I'd like to make code sharing with
Nixpkgs as easy as possible, so I think it's a good idea to adopt the
policy that Nix files are MIT-licensed by default to match Nixpkgs.
|
| |
|
| |
|
|
|
|
|
|
| |
This fixes make run, which didn't work before because there was no
verity to look at, and makes it so that we don't have to build a GPT
image every time we want to test any change, which was very slow.
|
| |
|
|
|